Oleg wrote:
> Hi.
>
> Before Squid 3.0 I can change a Proxy-Authenticate header through duplet:
>
> header_access Proxy-Authenticate deny browserFirefox osLinux
> header_replace Proxy-Authenticate Negotiate
>
> That because first authenticate method is NTLM for IE.
>
> After upgrade to Squid 3.0, header_access directive fork into
> request_header_access and reply_header_access. Implicate in my case I
> change directive header_access to reply_header_access. BUT! Now
> directive header_replace works only with request_header_access and don't
> change a Proxy-Authenticate headers.
>
> How to resolve this problem without downgrade to Squid 2.7.6? Or may be
> bypass this another way?
From Squid-3, the proxy-authenticate headers are only relevant between
browser and Squid. So always removed from client request before that
request is passed to the web server.
The *_header_access only apply to headers which are passed though from
browser/client to server.
Why is auth method an issue at all?
Configuring the auth methods in right order should make the browsers use
either method they prefer.
I'd test the capability in 3.0 and see if it works okay now, before
attempting to re-create an old hack.
FWIW, IE on Vista prefers Negotiate to work most efficiently.
Amos
-- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14 Current Beta Squid 3.1.0.7Received on Mon Apr 20 2009 - 06:13:25 MDT
This archive was generated by hypermail 2.2.0 : Mon Apr 20 2009 - 12:00:02 MDT